Hard1 markMultiple Choice

Area II: SecurityApplication SecuritySQL InjectionArea II

CPA · Question 74 · Area II: Security

Which of the following is a 'Preventive' control for 'SQL Injection'?

Answer options:

A.

Web Application Firewall (WAF)

B.

Using Parameterized Queries / Prepared Statements

C.

Database Encryption

D.

Regular Backups

How to approach this question

SQL Injection fix = Parameterized Queries.

Full Answer

B.Using Parameterized Queries / Prepared Statements✓ Correct

Parameterized queries ensure that the database treats user input as data, not executable code, effectively neutralizing SQL injection attacks.

Common mistakes

Relying on WAFs (which can be bypassed) instead of fixing the code.

Question 73 All questions Question 75

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →